What is the correct way to logout after OAuth?

I have integrated Zoom OAuth in the MacOS app (with Zoom Meeting SDK).

Where the app is redirected the user to the browser and the browser is redirected the user back to the application if the auth is success.

But I have a question about logout: what is the correct way to logout?

There are two endpoints:

  1. POST: https://zoom.us/oauth/revoke
    Account in browser is still active after this request. And user isn’t showed Zoom’s OAuth ways page (Google, FB, etc), just signing in automatically.
  2. DELETE: https://api.zoom.us/v2/users/{userId}/token
    User is showed Zoom’s OAuth ways page (Google, FB, etc) even after reauth (and that’s what I want), BUT this request initiate logout from ALL clients where I was logged in.

Maybe there is one more way to logout?

PS: First I asked the question for #meeting-sdk category. But I was advised to reask it here.

Problem
the main problem for me for now that after https://zoom.us/oauth/revoke endpoint using if I want to sign in again - browser make a “auto login”, I mean browser redirects me to the app without Zoom’s OAuth ways page (Google, FB, etc) and without the page where I can select an account.

Question
How can I reach the behavior when after revoke request I won’t have “auto login” with the last logged user in my browser?

macOS Monterey Version 12.1
Safari Version 15.2 (17612.3.6.1.6)

Hi, is any updates about Zoom logout method?

Hi, is there any updates about this question?

@anton.yereshchenko,

After you revoke an OAuth token, everything restarts from scratch. The user will have to sign in again.

@donte.zoom Hi, thank you for the answer!
Could you please confirm that revoke api method should logout the current user from the browser too?
and after revoking it should not be an auto login effect?

For example I mean the user who have used gmail to enter.

thank you!

Correct, @anton.yereshchenko!
It should not be an auto-login effect after revoking; the user will have to authenticate your app to use it again. You can test this edge case by adding a user, then revoking their access token.

@donte.zoom , Hi, thank you for confirmation!

[USING Revoking: https://zoom.us/oauth/revoke]
by an auto-login effect I mean the behaviour, when the browser doesn’t give ability to select a new account (or way to login) and redirects to the application using the last known account (attached demo video).

sign in - zoom oauth procedure
sign out - revoking an access token

should I remove cookies? or something like this to open Sign in page after revoking?
Sign in page:

Hi @anton.yereshchenko, yes please try clearing browser cookies as it is likely having the user credentials persist. Can you please report back and let us know if this works?

Gianni

@anton.yereshchenko,

When you say should you remove cookies to open Sign in page after hitting the revoke endpoint. Are you saying that after removing cookies, you are not able to open the Sign in page ? Please see this post for more details on the expected results of hitting the revoke endpoint :

Revoking-an-access-token

@donte.zoom,

So as I understand we should use access token revoking when we want to remove the app from “Added Apps”, shouldn’t we?
Maybee revoking isn’t what I’m looking for.
I need the endpoint to logout from current session (not from all, if it posible)
Just to sign out from the current account, with ability to select another account or login way.
Is it supported for now?

@gianni.zoom , thank you
I need to check it :ok_hand:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.